Adware/WSearch
Analysis
- Downloads a file from the URL http://pi{REMOVED}ou.com/ and saves it to the Temporary folder as PigUp.exe.
- Creates the following registry entries:
HKEY_CURRENT_USER\Software\MSWord\Search
HKEY_CURRENT_USER\Software\PigUp
Autostart Mechanism
- Creates the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
PigUpdate = "[Adware Path and Filename]"
Recommended Action
-
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
Telemetry
Detection Availability
FortiGate | |
---|---|
Extreme | |
FortiClient | |
Extended | |
FortiMail | |
Extended | |
FortiSandbox | |
Extended | |
FortiWeb | |
Extended | |
Web Application Firewall | |
Extended | |
FortiIsolator | |
Extended | |
FortiDeceptor | |
Extended | |
FortiEDR |
Version Updates
Date | Version | Detail |
---|---|---|
2021-11-16 | 89.06923 | |
2021-09-02 | 88.00828 | |
2021-06-01 | 86.00601 | |
2021-03-20 | 84.00856 | |
2021-01-26 | 83.57800 | Sig Updated |
2020-11-05 | 81.62100 | Sig Updated |
2020-10-06 | 80.89700 | Sig Updated |
2020-09-08 | 80.22400 | Sig Updated |
2020-09-01 | 80.05600 | Sig Updated |
2020-08-13 | 79.60100 | Sig Updated |